Nessus Prior to 10.7.3: Secure Permissions for Sub-Directories Not Enforced
CVE-2024-3289
7.8HIGH
What is CVE-2024-3289?
A security flaw exists in Nessus software, where installations made to directories outside of the default location on Windows systems prior to version 10.7.3 did not implement secure permissions for sub-directories. This vulnerability can lead to local privilege escalation if directory permissions are not properly configured by the user. It underscores the importance of securing installation paths adequately to prevent unauthorized access and elevation of privileges in environments using Nessus.
Affected Version(s)
Nessus Windows 0